CVE-2019-3821
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| [UNKNOWN] | ceph | n/a | affected |
Weaknesses
- CWE-772: CWE-772
ADP Enrichment
CVE Program Container
Additional References
- https://usn.ubuntu.com/4035-1/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3821
- https://github.com/ceph/civetweb/pull/33
References
- https://usn.ubuntu.com/4035-1/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3821
- https://github.com/ceph/civetweb/pull/33
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.